How To Encrypt Your Email & Other Communications

Across the globe, over 2 billion people are sending over 144 billion emails a day, and nearly every single one of those messages can easily be intercepted by someone other than the recipient. Even without the NSA spying on us, the insecurity of the protocol that makes up so much of human communication today should be of concern to all of us.

Even if you encrypt your own internet connection, with Tor or a VPN for example, once you send an email the server usually passes it on in plain text through several routers, until it eventually finds its way to the server hosting the recipient’s email account. The recipient will then usually download or read that message through an unencrypted connection, which also has to pass through numerous routers across the internet. At any point along that path, someone with access to the equipment passing that traffic can intercept the messages and read them. Especially considering that 25% of all email communication is business related, it’s nothing short of insanity that security in this protocol is something that almost nobody stops to think about.

First off, good job on the HDD encryption and anonymous browsing articles.

I discovered PGP email encryption a few months ago, and I think it would be good to have a how-to article for those non-techies out there who feel a need to send secure emails.

Thanks,

Buckwheat

Lucky for you, it is possible to encrypt not only your emails but other communications as well, using PGP. Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991, and was later introduced as an internet standard known as OpenPGP, which now makes it available to you, for free, in a variety of ways. There is no known way to decrypt a PGP message without the key; even the United States Federal Government has not cracked it, or at least has not acknowledged the ability to do so. Zimmermann was actually investigated for exporting munitions after creating the program, because the United States Government considers encryption this strong to be a weapon.

There are many ways to use PGP. This guide will discuss GPG4Win, Microsoft Outlook, and a Chrome plugin called Mailvelope. Like all “How To Anarchist” guides, this guide assumes you have a basic understanding of how to browse the web and handle files. This guide also assumes you are using Windows, but PGP is available for Mac, Linux, Android, and other platforms.

Step 8. Now that your key has been created, let’s create a backup. Click “Make a Backup of Your Key Pair”.

Step 9. Choose a path to store the backup in, and click OK. (Maybe you want to put it in the hidden volume of your TrueCrypt file.) You don’t want anybody getting their hands on this file: in combination with your passphrase, it will allow an attacker to decrypt your messages.

Step 10. Click File, then click “Export Certificates”

Step 11. Choose a location to save the certificate, and click save.

Step 12. The file you just saved is your “Public Key”. Send this file to the people you want to communicate securely with. When they send you a message, they will need it to encrypt the message for your eyes only. You can give anybody this key; you can even post it publicly on your website for all to see.

Step 13. Get certificates from the other people you want to send secure messages to, and import them into Kleopatra by clicking “Import Certificates”.

Now that you have your certificates, you have a number of options available to you.

You can encrypt any message for anything: Gmail, instant messenger, even Facebook. For this example, I’m going to send my Facebook alter ego an encrypted message, then decrypt it.

Step 1. Open Notepad. It should be in your programs menu under Accessories. Any text editor will do, and theoretically you could even begin typing your message on Facebook, but Facebook, Gmail, and other web applications read your text as you type it, sometimes because they are just nosey, in other cases because they are saving drafts.

Step 2. Type your message into Notepad.

Step 3. Press CTRL+A to select all, then CTRL+C to copy the message to the clipboard.

Step 4. Find the Kleopatra icon in the system tray, right click on it, and in the resulting menu, go to Clipboard and click Encrypt.

Step 6. You will be shown a message informing you that the encryption has been completed, click OK.

Step 7. Open a messaging dialog with your friend on Facebook, and press CTRL+V to paste the encrypted message to your friend.

Step 8. When you receive the encrypted message, drag your mouse to highlight it, and press CTRL+C to copy it to the clipboard.

Step 9. Right click Kleopatra in the system tray again, go to Clipboard, and click Decrypt/Verify.

Step 10. Enter your passphrase.

Step 11. Kleopatra will inform you that the message has been copied to your clipboard. Click Finish, then go back to Notepad and press CTRL+V to paste the decrypted message and read it.

You can use this method for any communications method you desire. Facebook, webmail, instant messenger: anything that transfers text and lets you copy and paste through the clipboard can be encrypted and decrypted with Kleopatra.
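Before pasting a clipboard block (Step 7 above) or sending an exported file (Step 12), it helps to confirm what the text actually is. The following is an added example, not part of the original guide or of Gpg4win: it reads OpenPGP ASCII armor, reports whether each block is a message, a public key, or a private key backup that must never be shared, and checks the armor's CRC-24 so a block altered by a chat or webmail form is caught. The function names and sample payloads are constructed for illustration.

```python
import base64
import re

# Armor types (RFC 4880, section 6.2) and whether the block may leave your machine.
SHAREABLE = {
    "PGP MESSAGE": True,             # output of the clipboard "Encrypt" action
    "PGP PUBLIC KEY BLOCK": True,    # exported certificate
    "PGP PRIVATE KEY BLOCK": False,  # key-pair backup: never paste or attach
}
BLOCK_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?\n)-----END \1-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, payload: bytes) -> str:
    """Wrap constructed bytes in ASCII armor (only used to build sample input)."""
    b64 = base64.b64encode(payload).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN {kind}-----", "", *rows, check, f"-----END {kind}-----"])

def inspect(text: str) -> list:
    """Return one (kind, shareable, intact) tuple per armored block found in text."""
    found = []
    for kind, body in BLOCK_RE.findall(text.replace("\r\n", "\n")):
        # Optional "Key: value" armor headers end at the first blank line.
        _, blank, data = ("\n" + body).partition("\n\n")
        rows = data.split()
        sums = [r[1:] for r in rows if r.startswith("=")]
        try:
            b64 = "".join(r for r in rows if not r.startswith("="))
            payload = base64.b64decode(b64, validate=True)
            # The checksum line is optional; when present it must match.
            intact = bool(blank and payload) and all(
                int.from_bytes(base64.b64decode(s), "big") == crc24(payload) for s in sums)
        except ValueError:
            intact = False
        found.append((kind, SHAREABLE.get(kind, False), intact))
    return found
```

An empty result means the text holds no complete armored block, which is what you get when a message was pasted as plain text or cut off before its END line.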

If you have Microsoft Outlook installed, an extension for Outlook was included in your GPG4Win installation.

Using GPG4Win with Microsoft Outlook.

Step 1. Create a new email in Microsoft Outlook.

Step 2. Enter the address of the person you wish to send the message to (in this instance, I’m going to send myself an email for testing purposes; you should do the same). Enter the subject (the subject will be readable by anyone who might intercept the message, so put nothing sensitive in the subject line), and enter your message.

Step 3. You should see a tab near the top of your new message window that says “GpgOL”. Click on it.

Step 4. Click Encrypt.

Step 5. Select the certificate of your recipient. If the recipient is in your contacts, it may already be selected, in which case, click OK.

Step 6. Your message is now encrypted. Click Send. It should look something like this.

Step 7. When you receive the encrypted message, double click it to open it, click on the GpgOL tab in the window, and click Decrypt.

Step 8. Enter your passphrase, and click OK.

Step 9. Read your decrypted message.

While writing this article, I found a really neat browser plugin for Google Chrome, called Mailvelope. There is a version in development for Firefox as well, but I will just cover Chrome for now.

Mailvelope is a browser plugin that makes using PGP in your webmail applications like GMail, Hotmail, and Yahoo! very simple.

Step 11. Click Transfer, and the encrypted message will be pasted into the body of the message. Click OK to send.

Step 12. When you receive the encrypted message, the Mailvelope icon will appear on top of it. Click on it.

Step 13. Enter your passphrase, and click OK.

Step 14. Read your decrypted message.

That’s pretty much it for this article. PGP is powerful encryption that is open source and available to anybody. If this guide confused you at all, let me know in the comments below, or in the forum, and I’ll try to clarify the confusion. Once you’ve done this a couple of times, it’s very easy to do, and it will keep anyone who intercepts your communications from reading them. That not only makes your life more secure, it makes the world a better place.

Feel free to add my public key to your address books, and send me encrypted messages anywhere, and be sure to share this article with your friends and on social networks. The more widely used this technology is, the less incriminating it looks, and of course, you can only exchange encrypted messages with someone who has set this up already and given you their public key.